Discovering IPv6 with Wireshark. presented by Rolf Leutert

Discovering IPv6 with Wireshark presented by Rolf Leutert

Instructor: Rolf Leutert, Network Expert & Trainer Leutert NetServices Troubleshooting & Trainings Zürich-Airport, Switzerland Sniffer certified Instructor since 1990 Wireshark Instructor since 2006 Wireshark Certified Network Analyst 2010 leutert@wireshark.ch www.wireshark.ch

Agenda Address Autoconfiguration Neighbor discovery, Router discovery Host configuration with DHCPv6 New DNS AAAA record Transition technologies, 6rd Tunnel Leutert NetServices World IPv6 Launch June 6th, 2012 3

Address Autoconfiguration IPv6 Stateless Address Autoconfiguration (SLAAC) An IPv6 host will auto configure a link-local address for each interface Prefix for link-local address is fe80::/64 Interface ID is either derived from MAC address or a random value Ethernet MAC address 00 : 30 : 64 : 6b : 85 : 32 IPv6 address: EUI-64 format fe 80 00 00 00 00 00 00 02 30 64 ff fe 6b 85 32 IPv6 address: privacy format fe 80 00 00 00 00 00 00 9c 4a e7 8a 20 38 d4 d1 random value + Leutert NetServices World IPv6 Launch June 6th, 2012 4

Address Autoconfiguration IPv6 Stateless Address Autoconfiguration (SLAAC) If a router is present, host will also autoconfigure global address Prefix will be obtained from router, example 2001:db8::/64 Interface ID is either derived from MAC address or a random value Router indicates in advertisement if stateful configuration may be used Ethernet MAC address 00 : 30 : 64 : 6b : 85 : 32 IPv6 address: EUI-64 format 20 01 0d b8 00 00 00 00 02 30 64 ff fe 6b 85 32 IPv6 address: privacy format 20 01 0d b8 00 00 00 00 9c 4a e7 8a 20 38 d4 d1 random value + Leutert NetServices World IPv6 Launch June 6th, 2012 5

Address Autoconfiguration Solicited Node Multicast Address (SNMA) Probably the most strange part of IPv6 addressing An IPv6 host forms a SNMA for each own unicast address in use The SNMA address is used for Neighbor Discovery (replacement of ARP) The SNMA address is derived from each unicast address in use Hosts unicast address 20 01 0d b8 00 00 00 00 02 30 64 ff fe 6b 85 32 Hosts SNMA address ff 02 00 00 00 00 00 00 00 00 00 01 ff 6b 85 32 SNMA prefix ff02:0:0:0:0:1:ff00/104 24 bits SNMA derived from unicast address: ff02::1:ff6b:8532 Leutert NetServices World IPv6 Launch June 6th, 2012 6

Duplicate Address Detection (DAD) The initial client startup process includes the following steps: Frame # 1 Duplicate Address Detection after Link-Local autoconfiguration 2 Router Discovery 3 Router Advertisement and global address autoconfiguration 4 Neighbor Discovery (searching for Router MAC) 5 Neighbor Advertisement (reply from Router with MAC) 6 Duplicate Address Detection with acquired global address Leutert NetServices World IPv6 Launch June 6th, 2012 7

IPv6 Interfaces In Windows Vista/7, each IPv6 interface is numbered with unique Zone ID A link-local address is automatically configured with the address prefix fe80::/64 for each physical or logical IPv6 interface If a router is available, a global address is configured on interface Leutert NetServices World IPv6 Launch June 6th, 2012 8

IPv6 Interfaces Global Addresses Link Local Addresses Leutert NetServices World IPv6 Launch June 6th, 2012 9

Agenda Address Autoconfiguration Neighbor discovery, Router discovery Host configuration with DHCPv6 New DNS AAAA record Transition technologies, 6rd Tunnel Leutert NetServices World IPv6 Launch June 6th, 2012 10

TCP/IP Protocol Family Dual stack implementation Application Layer ICMPv4 TCP UDP TCP UDP ICMPv6 IPv4 IPv6 Many LAN, WLAN and WAN Protocols Internet Control Message Protocol v6 (ICMPv6) plays an important role Many new ICMPv6 messages have been defined Leutert NetServices World IPv6 Launch June 6th, 2012 11

ICMPv6 Messages Error and Control Messages Multicast Listener Discovery (MLD) Messages Neighbor Discovery (ND) Messages Echo Request/Reply Destination unreachable Time exceeded Redirect Parameter Problem Packet too big Multicast Listener Query Multicast Listener Report Multicast Listener Done Neighbor Solicitation Neighbor Advertisement Router Solicitation Router Advertisement ICMPv6 IPv6 LAN, WLAN and WAN Protocols Leutert NetServices World IPv6 Launch June 6th, 2012 12

Neighbor Discovery (ND) The initial client startup process includes the following steps: Frame # 1 Duplicate Address Detection after Link-Local autoconfiguration 2 Router Discovery 3 Router Advertisement and global address autoconfiguration 4 Neighbor Discovery (searching for Router MAC) 5 Neighbor Advertisement (reply from Router with MAC) 6 Duplicate Address Detection with acquired global address Leutert NetServices World IPv6 Launch June 6th, 2012 13

Agenda Address Autoconfiguration Neighbor discovery, Router discovery Host configuration with DHCPv6 New DNS AAAA record Transition technologies, 6rd Tunnel Leutert NetServices World IPv6 Launch June 6th, 2012 14

Host configuration with DHCPv6 Despite Address Autoconfiguration, DHCP plays an important role in IPv6 environment. It is required to provide clients with additional parameters like DNS server address and many other options. DHCPv6 offers different level of control over the workstations: Client parameters Stateless Auto Address Config. RFC2462 Stateless DHCP Service for IPv6 RFC3736 Stateful DHCPv6 RFC3315 Subnet Prefix & Mask From Router Advertisements (O-Flag=0 M-Flag=0) From Router Advertisements (O-Flag=1 / M-Flag=0) From Router Advertisements (O-Flag=1 / M-Flag=1) Interface Identifier Auto Configuration Auto Configuration From DHCPv6 Server DNS, NTP address etc. Manual Configuration From DHCPv6 Server From DHCPv6 Server O = Other Flag / M = Managed Flag Leutert NetServices World IPv6 Launch June 6th, 2012 15

Host configuration with DHCPv6 Router Configuration Examples: Cisco Router ZyXEL USG Series Leutert NetServices World IPv6 Launch June 6th, 2012 16

Host configuration with DHCPv6 During this phase, the client is supplied with additional parameters: Frame # 2 Router Discovery 3 Router Advertisement with Other Flag set 6 Client contacts DHCP server 7 DHCP server delivers additional parameter like DNS, suffixes etc. Leutert NetServices World IPv6 Launch June 6th, 2012 17

Host configuration with DHCPv6 DHCP Relay-forward 2001:cafe:0:30::199 Subnet 2001:cafe:0:20:: Subnet 2001:cafe:0:30:: Client Router DHCP Server DHCP Relay-reply Leutert NetServices World IPv6 Launch June 6th, 2012 18

Host configuration with DHCPv6 At this state, the client is configured with all required parameters: C:\windows\system32>ipconfig /all Ethernet-Adapter LAN-Verbindung: Verbindungsspezifisches DNS-Suffix: ipv6.ch Beschreibung........... : Marvell Yukon 88E8072 PCI-E Gigabit Ethernet Physikalische Adresse...... : 00-22-64-6B-85-32 DHCP aktiviert.......... : Ja Autokonfiguration aktiviert... : Ja IPv6-Adresse........... : 2001:cafe:0:20:222:64ff:fe6b:8532(Bevorzugt) Verbindungslokale IPv6-Adresse. : fe80::222:64ff:fe6b:8532%13(bevorzugt) Lease erhalten.......... : Samstag, 21. Februar 2009 11:46:04 Lease läuft ab.......... : Sonntag, 1. März 2009 11:46:03 Standardgateway......... : fe80::20b:fdff:feac:c561%13 DHCPv6-IAID........... : 251667044 DHCPv6-Client-DUID........ : 00-01-00-01-10-D2-B9-65-00-22-64-6B-85-32 DNS-Server........... : 2001:cafe:0:30::199 Suchliste für verbindungsspezifische DNS-Suffixe: yourdomain.ch ipv6.ch dummy.ch Leutert NetServices World IPv6 Launch June 6th, 2012 19

Agenda Address Autoconfiguration Neighbor discovery, Router discovery Host configuration with DHCPv6 New DNS AAAA record Transition technologies, 6rd Tunnel Leutert NetServices World IPv6 Launch June 6th, 2012 20

IPv6 Domain Name System (DNS) New AAAA resource record Due to the unhandy IPv6 address, DNS plays an important role in IPv6 A new resource record type AAAA (called quad-a) has been defined During migration, DNS servers will support dual stack IPv4/IPv6 IPv6 record queries and responses may be transmitted over IPv4 or IPv6 Dual stack Client A&AAAA query over IPv4 Enterprise DNS Server A&AAAA query over IPv4 Internet DNS v4 Server Internet DNS v6 Server Enterprise IPv4 or IPv6 Subnet IPv4 Internet IPv6 Internet A&AAAA query over IPv6 6to4 Router A&AAAA IPv6 query tunneled in IPv4 6to4 Relay A&AAAA query over IPv6 + Leutert NetServices World IPv6 Launch June 6th, 2012 21

IPv6 Domain Name System (DNS) A & AAAA record query & response over IPv6 transport A & AAAA record query & response over IPv4 transport Leutert NetServices World IPv6 Launch June 6th, 2012 22

IPv6 Domain Name System (DNS) How to force the Client to use IPv6 protocol If a global IPv6 address is provided, most newer OSs prefer IPv6 over IPv4 Some content providers use a separate namespace (www.six.heise.de) Newer Browsers will try to resolve A and AAAA record of an URI If an A and an AAAA record is available, IPv6 will be preferred Happy Eyeball (RFC6555) solves problem with slow fallback if IPv6 fails TCP SYN over IPv4 TCP SYN over IPv4 www.wireshark.ch 82.196.224.120 www.wireshark.ch 2001:1b50::82:195:224:120 Enterprise IPv4/IPv6 Subnet IPv4 Internet IPv6 Internet Dual Stack Client TCP SYN native IPv6 6rd Router IPv6 TCP SYN tunneled in IPv4 6to4 Relay TCP SYN native IPv6 If IPv6 is slow or fails Fallback to IPv4 + Leutert NetServices World IPv6 Launch June 6th, 2012 23

IPv6 Domain Name System (DNS) IPv6 preferred before IPv4 (WIN7 Client with Firefox 12.0) Leutert NetServices World IPv6 Launch June 6th, 2012 24

Agenda Address Autoconfiguration Neighbor discovery, Router discovery Host configuration with DHCPv6 New DNS AAAA record Transition technologies, 6rd Tunnel Leutert NetServices World IPv6 Launch June 6th, 2012 25

Transition Technologies, 6rd 6rd Rapid Deployment Tunnel Named after inventor Remi Despres / France First deployed by large French ISP FREE within 5 weeks in 2007 6rd does NOT use the 6to4 global address prefix 2002:WWXX:YYZZ::/48 Uses IPv6 prefix provided by ISP instead (i.e. Swisscom 2a02:1200::/28) Minimal changes on ISPs IPv4 infrastructure IPv6 Client 6rd ADSL CE Router (Customer Edge) 6rd BR (Border Relays) Server IPv6 Customer IPv6 Subnets FREEs IPv4 Prefix 82.224.0.0/11 IPv6 Internet IPv6 tunneled through Customers IPv6 network ISPs IPv4 network IPv6 Internet Leutert NetServices World IPv6 Launch June 6th, 2012 26

Transition Technologies, 6rd 6rd Rapid Deployment Tunnel Swisscom is providing public IPv4 address to Residential Gateway (RG) Swisscom is using IPv4 anycast address 193.5.122.254 for 6rd Border Relays Border Relays are stateless, traffic flow through any BR in both directions Works with global IPv4 and NAT44 addresses in customers network Configuration Example: IPv6 Client 6rd RG (Residential Gateway) IPv6rd Prefix 2a02:1200::/28 6rd BR (Border Relays) Server IPv6 Customer IPv6 Subnets RG address 178.198.149.230 BR address 193.5.122.254 IPv6 Internet Leutert NetServices World IPv6 Launch June 6th, 2012 27

Transition Technologies, 6rd 6rd Rapid Deployment Tunnel IPv6 Client derives prefix from Swisscoms IPv6 and IPv4 prefixes Configuration Example: IPv6 Client 6rd RG (Residential Gateway) IPv6rd Prefix 2a02:1200::/28 6rd BR (Border Relays) Server IPv6 Customer IPv6 Subnets RG address 178.198.149.230 BR address 193.5.122.254 IPv6 Internet 2a02:120b:2c69:5e60:221:ccff:fe44:87dc (randomize / privacy = off) IPv6 Prefix IPv4 RG address 2a02:1200/28 178.198.149.230 2a 01 12 0 b 2c 69 5e6 0 02 21 cc f f fe 44 87 dc IPv6 Prefix I/F Identifier Leutert NetServices World IPv6 Launch June 6th, 2012 28

Transition Technologies, 6rd 6rd Rapid Deployment Tunnel Easy and fast deployments for ISPs Simple, stateless, automatic IPv6-in-IPv4 encap and decap functions IPv6 traffic automatically follows IPv4 Routing between CPE and BR From Swisscom offered as IPv6 Service (Pilot, today ~22 000 customers) Provides native IPv6 access to home user Configuration Example: IPv6 Client 6rd RG (Residential Gateway, CPE) IPv6rd Prefix 2a02:1200::/28 6rd BR (Border Relay) IPv6 Internet Server IPv6 Customer IPv6 Subnets RG address 178.198.149.230 BR address 193.5.122.254 all routes 2a02:1200/28 to Swisscom BR 2a02:120b:2c69:5e60:221:ccff:fe44:87dc (randomize / privacy = off) www.six.heise.de 2a02:2e0:3fe:100::6 Leutert NetServices World IPv6 Launch June 6th, 2012 29

Transition Technologies, 6rd 6rd Rapid Deployment Tunnel DNS IPv4: 195.186.1.162 DNS IPv6: 2001:470:20::2 Firewall &Router 178.198.149.230 VDSL Modem VDSL IPv4 Internet IPv6 Internet A B 6rd Tunnel 178.198.149.230 193.5.122.254 2a02:120b:2c69:5e60:221:ccff:fe44:87dc Swisscom 6rd Relay Server: www.six.heise.de 2a02:2e0:3fe:100::6 IPv4/IPv6 IPv4 only IPv6 Conversation Enterprise IPv4/IPv6 Subnet 2a02:120b:2c69:5e60::/64 Enterprise IPv4 Subnet 192.168.0.0/24 IPv4/IPv6 Client (dual stack) IPv4 Client 2a02:120b:2c69:5e60:221:ccff:fe44:87dc (randomize / privacy = off) Swisscom Präfix: 2a02:1200::/28 6rd Relay: 6rd.swisscom.com 193.5.122.254 Leutert NetServices World IPv6 Launch June 6th, 2012 30

Transition Technologies, 6rd 6rd Rapid Deployment Tunnel Leutert NetServices World IPv6 Launch June 6th, 2012 31

IPv6 Session Summary Verify IPv6 readiness of your suppliers Verify IPv6 readiness of your applications IPv6 can perfectly coexist with IPv4 Start experimenting using 6rd Tunnel Network migration can be done smoothly Train yourself and your people Wireshark is the perfect tool to learn and train Interesting IPv6 references: How to get www.worldipv6launch.org Organized by the Internet Society, World IPv6 Launch on 6 June 2012 is intended to motivate organizations across the industry to prepare for and permanently enable Internet Protocol version 6. www.sixxs.net IPv6 Deployment and IPv6 Tunnel Broker, helping to deploy IPv6 around the world, IPv6 monitoring, IPv6 routing monitoring, IPv6 coordination. www.ipv6forum.com World-wide consortium of Internet vendors aiming to promote IPv6. Includes mailing lists, event listings, technical information, and links Leutert NetServices World IPv6 Launch June 6th, 2012 32

Our Trainings NET-Analysis with Wireshark 2 days introduction to Network Analysis using Wireshark. A perfect quick start and overview of Wireshark's almost unlimited possibilities for troubleshooting and analysing problems in TCP/IP, WLAN, VoIP network. WLAN Wireshark Network Analyser Training 3 days training providing in-depth knowledge and skills in WLAN 802.11a/b/g/n technology, analysing and troubleshooting problems using the Wireshark network analyser and AirPcap USB WLAN Adapters. TCP/IP Wireshark Network Analyser Training 3 days training providing in-depth knowledge and skills in TCP/IP network technology, analysing and troubleshooting problems using the Wireshark network analyser. Covering also all important new features of TCP like Window Scaling, Selective Acknowledges, Time Stamp, Checksum & Chimney offloading, Win7 Auto tuning, Wireshark TCP Expert System & TCP Graph and many more. VoIP Wireshark Network Analyser Training 2 days hands-on training analysing most popular VoIP protocols like Session Initiation Protocol (SIP), H.323 Protocol, Session Description Protocol (SDP), Skinny Client Control Protocol (SCCP), Real-time Transport Protocol (RTP), RTP Control Protocol (RTCP), Megaco/H.248 Gateway Control Protocol, Media Gateway Control Protocol (MGCP) using the Wireshark network analyser. IPv6 Wireshark Network Analyser Training 2 days training providing in-depth knowledge and skills in IPv6 network technology, analyzing and troubleshooting protocols & processes like Automatic Address Configuration, "Neighbor & Router Discovery, "Multicast Listener Discovery", Tunnelling Methods ISATAP, Teredo, 6to4, 6rd etc. In-house Wireshark Training If you need to train more than 4 students, please ask for customized in-house and onsite courses. All training are provided by highly experienced and certified network professionals from Leutert NetServices in English and German. Please ask for an offer through info@wireshark.ch Our complete list of trainings & locations on http://www.wireshark.ch/de/wireshark-kurse/oeffentliche-kurse Leutert NetServices World IPv6 Launch June 6th, 2012 33

Thanks for visiting SeaPics.com Rolf Leutert, Leutert NetServices, www.wireshark.ch